EUVD-2022-27664

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Bug in CmpUserMgr may allow anonymous access due to partially applied security policies.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2022-22518	6 Apr 202210:00	–	attackerkb
Circl	CVE-2022-22518	7 Apr 202222:36	–	circl
CNNVD	Schneider Electric CmpUserMgr 安全漏洞	7 Apr 202200:00	–	cnnvd
CVE	CVE-2022-22518	7 Apr 202218:21	–	cve
Cvelist	CVE-2022-22518 A bug in the CODESYS V3 CmpUserMgr component fails to correctly apply a security policy.	7 Apr 202218:21	–	cvelist
NVD	CVE-2022-22518	7 Apr 202219:15	–	nvd
OSV	CVE-2022-22518	7 Apr 202219:15	–	osv
Prion	Code injection	7 Apr 202219:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "888d46f5-d8bd-38c8-ab14-758e4a60090e",
        "vendor": {
          "name": "CODESYS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "11c51ea0-bf63-3563-a9ca-f904fdef170d",
        "product": {
          "name": "CODESYS Control for WAGO Touch Panels 600 SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "287ec2b3-2951-3e92-8ce3-26d93b4bc41e",
        "product": {
          "name": "CODESYS Control for PFC200 SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "3b235f24-e1e0-3c8c-995b-6f1992f1d34f",
        "product": {
          "name": "CODESYS Control for IOT2000 SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "3ce1963e-0033-39c3-aabb-e31a4278dc8e",
        "product": {
          "name": "CODESYS Control for emPC-A/iMX6 SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "3f91949a-f866-369e-b85a-ec7adf4d0d27",
        "product": {
          "name": "CODESYS Control for Linux SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "9632690f-8c8f-3192-b0fb-994ce550f71d",
        "product": {
          "name": "CODESYS Control Runtime System Toolkit"
        },
        "product_version": "V3.5.18.0 <V3.5.18.0"
      },
      {
        "id": "aa0505e9-6d0a-3b02-9dca-9008754c644b",
        "product": {
          "name": "CODESYS Control for Beckhoff CX9020 SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "c3751c2b-31f7-350d-b572-4f3b38ac2138",
        "product": {
          "name": "CODESYS Control for PFC100 SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "c4ef1b19-11e0-3073-9e9e-cad05ac05d58",
        "product": {
          "name": "CODESYS Control for BeagleBone SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      },
      {
        "id": "dfcca240-2399-354b-beea-f7ea5fd9c3c5",
        "product": {
          "name": "CODESYS Control for Raspberry Pi SL"
        },
        "product_version": "V4.5.0.0 <V4.5.0.0"
      }
    ]
  }
]

Source	Link
customers	www.customers.codesys.com/index.php

03 Oct 2025 20:07Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.5

CVSS 26.4

EPSS0.00586